Bug 20702

Summary: Perl IO::Socket::SSL Hostname Matching Security Bypass
Product: Sisyphus
Reporter: Vladimir Lettiev <crux>
Component: perl-IO-Socket-SSL
Assignee: viy <viy>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: normal
Priority: P3
CC: at, cas, crux, ender, lav, ldv, mike, qa_viy, shaba, viy
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: http://secunia.com/advisories/35703/

Description Vladimir Lettiev 2009-07-07 20:11:30 MSD
A vulnerability has been reported in IO::Socket::SSL, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the certificate hostname matching when no wildcard was given, which can be exploited to bypass the hostname verification.

Fixed in 1.26
Comment 1 Vladimir Lettiev 2010-04-24 11:14:29 MSD
fixed
Comment 2 Vladimir Lettiev 2010-04-24 11:14:55 MSD
closed